How to integrate SAML authentication into WCF web service application


Question


I have a WCF web service application built and tested on IIS7. Regarding authentication, I wanted to implement a SQL Server hosted user id and password authentication for consumers accessing the operations in the web service. However, I was told that my company policy dictates that I implement SAML into my web service. That means any client that is accessing my web service operations needs to be authenticated using SAML 2.0. I am not familiar with SAML but would like to know and get started on how to implement it within my web service. I keep hearing two terms - Service Provider and Identity Provider; based on definitions on the web, I am assuming the service provider is my web service. The identity provider is where the user authenticates to, and the identity provider provides an assertion to my web service, and then I let the client access the operations. I understand the theory but am not sure how to put it into a practical implementation. Clients accessing my web service are not internal, i.e. they are external (extranet clients), so in this case what will be the identity provider and how do I add code to my web service to make it a service provider?


I hope you understand my dilemma. Can anyone explain the approach I need to take? Any samples or tutorials that help me complete the web service would be greatly appreciated.

Recommended answer


I think SAML 2.0 is not provided by standard WCF. To make it work you must combine WCF with WIF (Windows Identity Foundation). Here you have a very complex example of using WCF with WIF and claims-based authorization. The example uses SAML 1.1, but it is only a configuration change to make it work with SAML 2.0.


Your problem is generally called federated authentication or federated identity, where the user authenticates against an STS (service token service) and receives a security token (it can be, for example, a SAML token). Then the client calls the real service (RP - relying party), where it passes its security token. So what are you going to build? If your company policy demands SAML usage they most probably already have an STS and you just need to authenticate clients by SAML tokens as mentioned in the article.
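The setup the answer describes (an STS issues a SAML token, the WCF service acts as relying party and validates it through WIF), as an added example that is not part of the original question or answer. It assumes .NET 4.5 or later, where WIF lives in System.IdentityModel, and uses hypothetical names: the `IOrderService`/`OrderService` contract, the `OrderReader` role, the STS address `https://sts.example.com/trust/13/certificate`, the RP address `https://rp.example.com/`, and an all-zero placeholder for the STS signing-certificate thumbprint. The `IssuedTokenType` URI is the one setting that switches the binding from SAML 1.1 to SAML 2.0.

```csharp
using System;
using System.IdentityModel.Configuration;
using System.IdentityModel.Selectors;
using System.IdentityModel.Tokens;
using System.Security.Claims;
using System.Security.Cryptography.X509Certificates;
using System.ServiceModel;
using System.ServiceModel.Security;

// Hypothetical service contract used only for this example.
[ServiceContract]
public interface IOrderService
{
    [OperationContract]
    string GetOrderStatus(string orderId);
}

public class OrderService : IOrderService
{
    public string GetOrderStatus(string orderId)
    {
        // By the time the operation runs, WIF has already checked the SAML 2.0
        // token's signature, issuer, audience and lifetime. The claims it carried
        // are on the operation's principal. Authorize on a specific claim, not on
        // the mere presence of a token.
        ClaimsPrincipal principal = OperationContext.Current.ClaimsPrincipal;
        if (principal == null || !principal.HasClaim(ClaimTypes.Role, "OrderReader"))
        {
            throw new FaultException("Caller lacks the OrderReader role.");
        }

        Claim nameClaim = principal.FindFirst(ClaimTypes.Name);
        string caller = nameClaim != null ? nameClaim.Value : "unknown";
        return string.Format("order {0}: status requested by {1}", orderId, caller);
    }
}

public static class RelyingPartyHost
{
    public static ServiceHost Build()
    {
        // Federation binding: the client must present a token issued by the STS.
        // TransportWithMessageCredential = TLS for the channel, SAML token as the
        // caller's credential inside the message.
        var binding = new WS2007FederationHttpBinding(
            WSFederationHttpSecurityMode.TransportWithMessageCredential);
        binding.Security.Message.IssuedKeyType = SecurityKeyType.BearerKey;
        // This URI is the "configuration change" from SAML 1.1 to SAML 2.0.
        binding.Security.Message.IssuedTokenType =
            "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0";
        // Hypothetical STS endpoint; your company's STS goes here.
        binding.Security.Message.IssuerAddress =
            new EndpointAddress("https://sts.example.com/trust/13/certificate");
        binding.Security.Message.EstablishSecurityContext = false;

        var host = new ServiceHost(typeof(OrderService), new Uri("https://rp.example.com/"));
        host.AddServiceEndpoint(typeof(IOrderService), binding, "OrderService.svc");

        // Hand token validation to WIF rather than WCF's built-in token handlers.
        host.Credentials.UseIdentityConfiguration = true;
        IdentityConfiguration idc = host.Credentials.IdentityConfiguration;

        // Audience restriction: reject tokens the STS minted for some other RP.
        idc.AudienceRestriction.AudienceMode = AudienceUriMode.Always;
        idc.AudienceRestriction.AllowedAudienceUris.Add(
            new Uri("https://rp.example.com/OrderService.svc"));

        // Trust only tokens signed by the STS certificate (thumbprint is a placeholder).
        var issuers = new ConfigurationBasedIssuerNameRegistry();
        issuers.AddTrustedIssuer("0000000000000000000000000000000000000000",
                                 "https://sts.example.com/");
        idc.IssuerNameRegistry = issuers;

        // Validate the signing certificate's chain and revocation status instead of
        // accepting any certificate that happens to produce a valid signature.
        idc.CertificateValidationMode = X509CertificateValidationMode.ChainTrust;
        idc.RevocationMode = X509RevocationMode.Online;

        return host;
    }
}
```

Under IIS the same settings normally live in web.config (`ws2007FederationHttpBinding`, `<system.identityModel>` with `audienceUris` and `issuerNameRegistry`); the code form above makes it visible which three checks matter: who signed the token, who it was issued for, and which claims it carries. The thumbprint pins the STS signing certificate, so rotate it when the STS rotates keys, and the audience URI must match exactly what the STS puts in the assertion's AudienceRestriction. If the STS encrypts tokens for the RP, the host additionally needs `host.Credentials.ServiceCertificate` set to the RP's decryption certificate.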
